
SSH Script

I am trying to configure a script for the Cisco 3560G. Each time I run it I get an error. Below is the script:

line console vty 0 4

transport input ssh

login local

!

line console vty 5 15

transport input ssh

login local

!

username blahblah priv 15 secret blahblah

The error:

line console vty 0 4

line console vty 0 4

  ^

% Invalid input detected at '^' marker.

transport input ssh

transport input ssh

   ^

% Invalid input detected at '^' marker.

login local

login local

      ^

% Invalid input detected at '^' marker.

!

line console vty 5 15

line console vty 5 15

  ^

% Invalid input detected at '^' marker.

transport input ssh

transport input ssh

   ^

% Invalid input detected at '^' marker.

login local

login local

      ^

  • Are you executing the script in configuration mode?

  • You combined 2 different "line" configuration concepts into 1 (line console and line vty). Also, taking a page from the standard book of all things security, local username/password is a no-no; you can get around this by pointing TACACS to the local user/pass; then the switch/router will process the auth request through the TACACS process (if you don't have ACS or ISE, that's a completely different config). My basic recommended configuration script for you:

    enable secret supersecretpassword

    username blahblah secret blahblah

    !

    aaa new-model

    aaa authentication login default local

    aaa authentication enable default enable

    !

    ip domain-name blahblah.net

    ip name-server 10.10.10.10

    !

    crypto key generate rsa modulus 2048

    ! older code

    ! crypto key generate rsa

    ! 2048

    ip ssh time-out 60

    ip ssh authentication-retries 2

    ip ssh version 2

    !

    line con 0

    logging synchronous

    line vty 0 4

    logging synchronous

    transport input ssh

    line vty 5 15

    logging synchronous

    transport input ssh

    !

    end
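A small offline check for the mistake identified in the reply above, as an added example that is not part of the original thread: it flags `line` commands that mix line types (as in `line console vty 0 4`) and checks that every vty block is limited to `transport input ssh` and that `ip ssh version 2` is set. The sample configs are constructed from the thread; the function name `audit` and the list of line types are assumptions.

```python
import re

# Constructed sample: first stanza of the script from the original post.
BROKEN = """\
line console vty 0 4
transport input ssh
login local
"""

# Constructed sample: SSH and line part of the configuration suggested in the reply.
FIXED = """\
ip ssh version 2
line con 0
logging synchronous
line vty 0 4
transport input ssh
line vty 5 15
transport input ssh
"""

LINE_RE = re.compile(r"^line\s+(\S+)\s*(.*)$")
LINE_TYPES = ("con", "console", "vty", "aux")  # assumption: line types relevant here

def audit(config):
    """Return findings for the line and SSH commands in an IOS config script."""
    findings, blocks, current = [], {}, None
    cmds = [c.strip() for c in config.splitlines() if c.strip()]
    for cmd in cmds:
        m = LINE_RE.match(cmd)
        if m:
            kind, args = m.group(1), m.group(2).split()
            # "line console vty 0 4" names two line types in one command
            ok = kind in LINE_TYPES and not any(a in LINE_TYPES for a in args)
            current = blocks.setdefault(cmd, []) if ok else None
            if not ok:
                findings.append(f"invalid line command: {cmd}")
        elif cmd in ("!", "end"):
            current = None  # block ends at a separator
        elif current is not None:
            current.append(cmd)
    vty = {n: sub for n, sub in blocks.items() if n.startswith("line vty")}
    if not vty:
        findings.append("no valid vty block found")
    for name, sub in vty.items():
        if [s for s in sub if s.startswith("transport input")] != ["transport input ssh"]:
            findings.append(f"{name}: remote access not restricted to ssh")
    if "ip ssh version 2" not in cmds:
        findings.append("ip ssh version 2 not set")
    return findings
```

Running `audit` over a script before pasting it into the switch catches the combined `line console vty` form without touching the device.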

  • This model does not support the command login local.

    I am going to run an update to see if that changes it.

  • Cisco 3560G on code version? As long as you are on code 12.2.45.x or newer, you should be golden. 12.2.55.SE12 is the latest recommended code.

    c3560-ipbasek9-mz.122-55.SE12.bin or c3560-ipservicesk9-mz.122-55.SE12.bin...unless you prefer the .tar install process. That said, if you are on the latest NCM with firmware update capability, this is a good time to set that up, but you MUST use the .bin file. This way, if you run across another 3560 that needs upgraded, you are ready to go.

  • Does NCM run the commands for Cisco or do I need to add that into a script for it to run?

  • You go to Cisco, download the code. Then upload it to NCM on the Firmware page (it's in the NCM settings). Then build a deployment workflow process, and done. It sounds like a bit much for just 1 switch, but as your environment grows, the process is already done for any others. And if you know you have several already, you can bulk upgrade.

  • I just did that and then a reload of the switch, but it's still showing the same.

    bin file uploaded

    c3560c405ex-universalk9-mz.152-2.E7.bin

    #sh ver

    Cisco IOS Software, C3560C Software (C3560c405ex-UNIVERSALK9-M), Version 12.2(55)EX2, RELEASE SOFTWARE (fc1)

    Technical Support: http://www.cisco.com/techsupport

    Copyright (c) 1986-2011 by Cisco Systems, Inc.

    Compiled Wed 18-May-11 15:35 by prod_rel_team

    Image text-base: 0x00003000, data-base: 0x02800000

    ROM: Bootstrap program is C3560C boot loader

    BOOTLDR: C3560C Boot Loader (C3560C-HBOOT-M) Version 12.2(55r)EX11, RELEASE SOFTWARE (fc1)

    Mel-3560G uptime is 18 minutes

    System returned to ROM by power-on

    System image file is "flash:/c3560c405ex-universalk9-mz.122-55.EX2/c3560c405ex-universalk9-mz.122-55.EX2.bin"

  • Ok, seeing the show ver brings a little more clarity to the table. You aren't running a Cisco 3560G, you are running a Compact 3560C, much newer model. I have a few of those in my environment as well, and the script I provided works on that model. So, when you say "login local" isn't supported on that switch, what are you seeing (errors, etc.)?

  • sw(config)#line vty 0 4

    sw(config-line)#login ?

      authentication  Authentication parameters.